A new godfather virus for android that steals data from cryptocurrency applicati

[lovesmayfamilis]

The new year began with another discovery of viruses aimed at stealing cryptocurrencies.

Although the Trojan was discovered in 2021, it was not finalized then. At this time, the virus can read SMS in the victim's phones, thereby bypassing two-factor authorization.

The new malware was designed to collect user data, and it is targeting primarily banking and cryptocurrency applications. Once it infects a device, the malware begins to display fake websites of regular banking and crypto apps in order to steal the login data of users. BaFin revealed that the malware is targeting around 400 banking and crypto apps, including those operating in Germany.

We also know that Godfather relies on push notifications to obtain two-factor authentication codes, and that cybercriminals can use this data to gain access to consumers’ accounts and wallets.

https://thepaypers.com/cryptocurrencies/bafin-warns-of-new-godfather-banking-and-crypto-malware--1259756

[Coyster]

Virus/malwares have been known to steal information from people that will eventually be used to attempt to steal their funds, there are so many of them and they all have their unique ways of attacking their victims. The thing is to avoid them as much as possible, especially by storing crypto funds offline/HW wallet, these malwares mostly steal funds that are stored in hot wallets on the victims online phone or computer; you should also have more than one email address and have specific ones for untrusted websites so you don't click unsolicited links sent there. It is also safe to bookmark your regular websites so that you aren't redirected to scam/dummy ones that can scam you when you try to type it all the time. TL;DR: focus on how to protect yourself from malwares rather than the malwares per se.

[Obari]

Thank you for this information senior but I do have some few questions
~ Does this virus affect all country?
~what countries does it affect if it doesn't affect all countries?
~ is it just android devices that is been affected?

This criminals are really doing a great job and it seems they are also evolving with the world as well and I've also heard stories of possible scams through keyboards and most times this malwares comes in form of notifications that requires acceptance.

I think people need more of sensitization on cyber security and how to stay save especially in this world where is online criminals aren't relenting as well.

[lovesmayfamilis]

Thank you for this information senior but I do have some few questions
~ Does this virus affect all country?
~what countries does it affect if it doesn't affect all countries?
~ is it just android devices that is been affected?

This criminals are really doing a great job and it seems they are also evolving with the world as well and I've also heard stories of possible scams through keyboards and most times this malwares comes in form of notifications that requires acceptance.

I think people need more of sensitization on cyber security and how to stay save especially in this world where is online criminals aren't relenting as well.

If you carefully read the article, after the modification, this virus is mainly aimed at the inhabitants of the United States, and countries such as Canada, Germany, Spain and Turkey are also affected. Although, if we judge that we live on the Internet, the virus can be exchanged in other countries. To calm down that someone lives in another country, I think it's not worth it. It is good that you understand that Internet safety information requires regular awareness. But still, monitoring all the news, and also in the absence of timely news, the device's owner must be careful. Using the phone that was first in your hands, without a previous owner, and limiting the installation of applications, as well as controlling the links you follow, should be familiar. By installing all the decorations and seeming conveniences in your phone, you can expose it to the risk of a virus and control over your device.

According to the cybersecurity firm, the United States, Turkey and Spain account for the highest number of trojan or ‘Godfather’ malware activities. Canada, France, Germany and the UK are also hotbeds for the trojan, Group-IB said.

Additionally, the cybersecurity firm noted the ‘Godfather’ malware attacked users in 16 countries last year. These attacks affected 215 banking apps, 94 crypto wallets and 110 cryptocurrency exchange platforms.

Moreover, Group-IB in its report said the ‘Godfather’ malware code has an interesting functionality that prevents it from attacking users located in Russian-speaking and former Soviet Union countries. This suggests that the creators of the virus are from Russia or one of the former Soviet states, the cybersecurity firm said.

“The emergence of Godfather underscores the ability of threat actors to edit and update their tools to maintain their effectiveness in spite of efforts by malware detection and prevention providers to update their products,” Artem Grischenko, a Junior Malware Analyst at Group-IB, noted.

https://www.financemagnates.com/cryptocurrency/regulation/bafin-raises-alarm-on-trojan-godfather-affecting-banking-and-crypto-apps/

[AakZaki]

The more technological developments improve, the more malware will be developed by scammers to get loopholes on the user's device. Not only crypto, the virus will also attack all login data in the form of a code sent via SMS, and this will of course be very dangerous. SMS 2FA will certainly be very vulnerable and even everything connected to a mobile number will be easily hacked.

Device security from such malware viruses is very important, use some malware antivirus and don't use unknown applications downloaded from places that don't guarantee security, even such malware viruses will appear on advertisements of some visited websites.

[tranthidung]

Google and Google Play again. They are like a very favorite places for hackers to initiate their malicious tools.

Another annoying feature from Google is offer to save passwords. Turn it off if you are using Google Chrome but better to not use Google Chrome.

If you don't turn it off, maybe misclicks to save passwords to Google will happen.

[Findingnemo]

This news is really important for traders and users who think that their account is ultimately secured because they enabled the 2FA Security feature and much research proved bypassing 2FA is possible in one or many ways and this is one of its kind.

I think the device authorization security feature can be effective while dealing with this kind of attack so even if the hacker gets the victim's 2FA code still the authorization is needed when the account is logged into an unknown device, I saw this in some exchanges but expect to have in all of 'em.

[BlackHatCoiner]

Another reason why you shouldn't install a savings Bitcoin wallet to a closed-source mobile OS, right as well as you shouldn't login to exchanges from phone.

This news is really important for traders and users who think that their account is ultimately secured because they enabled the 2FA Security feature and much research proved bypassing 2FA is possible in one or many ways and this is one of its kind.

Which ironically never was 2FA, to begin with. If you use the same device to login and to confirm the SMS, then it isn't 2FA. (i.e., logging in to exchange from phone)

[dkbit98]

I would install minimal number of application from Google Store (or Aurora Store) to avoid scams like this, but it's even better to de-google your phone and use only open source alternative store and applications.
Using iPhone is probably safer against scams like this, even if I am not a big fan of their devices, I think they have better policy for releasing new apps that can scam people.
Whatever phone you choose, I wouldn't use them to install Bitcoin wallets and keep any larger amount of coins, unless it's used with hardware wallets.

[Welsh]

The more technological developments improve, the more malware will be developed by scammers to get loopholes on the user's device. Not only crypto, the virus will also attack all login data in the form of a code sent via SMS, and this will of course be very dangerous. SMS 2FA will certainly be very vulnerable and even everything connected to a mobile number will be easily hacked.

Two factor authentication via SMS has always been one of the weakest forms of two factor authentication you can have. It shouldn't be a surprise why. To have any sort of security, you'd need to verify logins or anything sensitive from an additional device that is physically separate from the account that you're trying to protect. Ideally, not connected to the same network also, to try to alleviate network attacks.

Ideally, you'd have a offline way of two factor authentication. A lot of users are now starting to use physical keys which do mitigate some of the attack vectors.

[AakZaki]

Two factor authentication via SMS has always been one of the weakest forms of two factor authentication you can have. It shouldn't be a surprise why. To have any sort of security, you'd need to verify logins or anything sensitive from an additional device that is physically separate from the account that you're trying to protect. Ideally, not connected to the same network also, to try to alleviate network attacks.

Ideally, you'd have a offline way of two factor authentication. A lot of users are now starting to use physical keys which do mitigate some of the attack vectors.

I myself am currently still using two-factor authentication via SMS, but the device used for the provider is not connected to the internet because I only use a polyphonic mobile device and can only receive text messages without an internet connection.
This minimizes the weakness of 2FA SMS so that it is not easily intercepted and tries to mitigate against network attacks like you mean.

and on other devices, I also use the Google 2FA App and also without connecting to the internet.

[The Cryptovator]

It appears to be more dangerous to read your 2FA codes or SMS from your device. Here's the lesson: why not keep 2FA authentication on the same device where you're running your crypto or banking apps. BTW, I keep my 2FA SMS sim in another device so that the virus cannot read it. I mostly store my cryptocurrency in hardware wallets, so it's almost safe. Hackers are constantly looking for new ways to steal our money. Just be more cautious.

[MarathonA]

There is no need to use SMS for 2FA, AFAIK Twilio Authy is a great choice for an alternative to Google Auth, it can be used as a direct replacement and is much better, since you can back it up (encrypted) to another computer, in case your primary device is ever broken or lost.

More info:
In February 2015, Twilio acquired Authy, a Y Combinator-backed startup that offers two-factor authentication services to end users, developers and enterprises.
https://en.wikipedia.org/wiki/Twilio
https://authy.com

[Zaharai]

Most Android applications now collect users' personal data from their phones, Mazority users grant these types of permissions without realizing the phone application. Google 2FA few times failed OTP generate & connected to the server.

Preferred,
*- Uninstalling the applications that are not needed.
*- Do not use previous version premium applications download untrusted sites.
*- Strong passwords require the use of special characters.

Check app permissions for safety.
Go to app setting>Hold on app>app info>permissions>check permissions carefully- select> allowed & Not allowed- finally finished and quit.

[CryptoHeadlineNews]

I would install minimal number of application from Google Store (or Aurora Store) to avoid scams like this,

You equally have a good point there. But for me i think if you can afford it, getting a new smartphone
device for only storage of all your crypto related stuff will be the best option (I.e including both your wallet and crypto exchanges which you used in selling your coins into fiat), so as to avoid any chances of getting your asset infected by any of the new Trojan viruses that might make you lose what would have even been more than the cost of a separate smartphone device.

[libert19]

This is why sms based 2fa is vulnerable and not to be relied upon. But then again, most banking apps only use sim based 2fa. I don't blame them tho as it's much easier compared to app/hw based 2fa. Customers reps would otherwise be bombarded with losing secret seed  

[Leviathan.007]

The new year began with another discovery of viruses aimed at stealing cryptocurrencies.

Although the Trojan was discovered in 2021, it was not finalized then. At this time, the virus can read SMS in the victim's phones, thereby bypassing two-factor authorization.

Since many people are using their phone for their financial things like holding crypto wallets and paying bills and using other payment systems, that's very much expecting to see hackers and trying to get access to people's hone by these viruses.
I don't think if that's possible for that virus to get these accesses from the victim's phone that easily because if we talk about Android it's linux based and not not easy for any virus to start running without of the user permission.
If you consider that viruses is actually a RAT it can get full access to your phone but that's just possible for the viruses if you grant them permission.